2. Cloud Data Security

2.1 Understand Cloud Data Lifecycle (CSA Guidance)
»» Phases
»» Relevant Data Security Technologies
2.2 Design and Implement Cloud Data Storage Architectures
»» Storage Types (e.g. long term, ephemeral, raw-disk)
»» Threats to Storage Types (e.g., ISO/IEC 27040)
»» Technologies Available to Address Threats (e.g., encryption)
2.3 Design and Apply Data Security Strategies
»» Encryption
»» Key Management
»» Masking
»» Tokenization
»» Application of Technologies (e.g., time of storage vs. encryption needs)
»» Emerging Technologies (e.g., bit splitting, data obfuscation, homomorphic encryption)
2.4 Understand and Implement Data Discovery and Classification Technologies
»» Data Discovery
»» Classification
2.5 Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
»» Data Privacy Acts
»» Implementation of Data Discovery
»» Classification of Discovered Sensitive Data
»» Mapping and Definition of Controls
»» Application of Defined Controls for PII (in consideration of customer’s Data Privacy Acts)
2.6 Design and Implement Data Rights Management
»» Data Rights Objectives (e.g. provisioning, users and roles, role-based access)
»» Appropriate Tools (e.g., issuing and replication of certificates)
2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies
»» Data Retention Policies
»» Data Deletion Procedures and Mechanisms
»» Data Archiving Procedures and Mechanisms
2.8 Design and Implement Auditability, Traceability and Accountability of Data Events
»» Definition of Event Sources and Identity Attribution Requirement
»» Data Event Logging
»» Storage and Analysis of Data Events (e.g., security information and event management)
»» Continuous Optimizations (e.g. new events detected, add new rules, reductions of false positives)
»» Chain of Custody and Non-repudiation